Trying to get my Verizon MiFi to auto-connect to my VPN server for content filtering, web cache, etc. Played with the OPVN file until I found the right combination of settings that didn’t cause the MiFi to error out.
I had to remove the line “mute-replay-warnings” from the OPVN config and, once I did, the MiFi took the drag and drop file. I also had to provide a dummy username and password as my OpenVPN server does not use username/password combos. I put “blank” and a random password on the MiFi field. Pics at the bottom of the post.
I don’t recommend using these settings verbatim, but use it as a reference for the VPN configuration file that you generate for your OpenVPN server.
OpenVPN config file settings are below and the file name is WhateverYouWant.opvn.
client
resolv-retry 20
keepalive 10 60
nobind
ns-cert-type server
comp-lzo
max-routes 500
verb 1
persist-key
persist-tun
explicit-exit-notify 1
dev tun
proto udp
port 1194
cipher AES-128-CBC
remote somevpnserver.somedomain.com 1194 # public DNS address
remote 111.222.333.444 1194 # public IP address
<ca>
-----BEGIN CERTIFICATE-----
Some CA Certificate
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
Some Client Certificate
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
Some Private Key
-----END PRIVATE KEY-----
</key>
Another follow up: looks like a Pro 5G firmware update has changed the OpenVPN configuration again. No need for a site-to-site VPN connection, a regular client connection will do. In addition, once the OpenVPN config file is loaded and saved, reboot the MiFi otherwise you’ll run into frequent disconnects and go in circles troubleshooting.
You can also use username/password authentication. I’m still testing 2FA configs in my lab.
Nuances to a poorly documented device.
Just confirmed that this works on the Inseego 5G T-Mobile device as well with one MAJOR exception: I had to export this as a site-to-site VPN and not a client-to-site VPN configuration which means I had to set a unique network on the MiFi device and set that as a remote network on my OpenVPN server. Big change, but the settings are identical.